Array
(
    [post_type] => post
    [posts_per_page] => 6
    [order] => DESC
    [orderby] => date
    [ignore_sticky_posts] => 1
    [post__not_in] => Array
        (
            [0] => 42555
        )

    [category__in] => Array
        (
            [0] => 541
        )

)

Essential is proud to be the UK and European distributor of the leading GALsync solution for Microsoft 365, UnitySync.

UnitySync is designed to be as flexible as possible, able to synchronise address lists from a variety of sources and locations, and in a way that respects the political, physical and security concerns of all parties, as well as the timelines over which you want to perform the address list synchronisation process.

As such it can be configured – and licenced – in a number of ways. This article helps explain how it’s licenced – but don’t get confused – just get in touch for a chat and quotation.

How can we purchase UnitySync?

You can elect to purchase UnitySync in two ways:

• Perpetual: Lifetime software licence with annual support and maintenance for upgrades and access to support.
  • Support and maintenance is included for year 1
  • Ongoing maintenance for year 2+ is charged at 15% of licence fee although this may be subject to increases in the event of a licence price increase
  • You can lock in your ongoing maintenance costs by purchasing multiple years ‘upfront’
  • This licencing approach is great if you need to keep syncing for many years to come!

• SaaS Annual Subscription:  12-month Software licence and Support renewed annually
  • Multiple years can be purchased upfront.
  • This licencing approach is ideal if your need for syncing may go aways in a year or so.

How is UnitySync Licenced?

• Base Licence: You will require a minimum of 1 x base licence for each server where UnitySync is installed. This is the central application that allows you to manage synchronisation
• Directory Sync Licences: You will then require a directory licence for each directory service instance you want to ‘sync’. E.g. Entra ID (Active Directory), LDAP, AzureAD/Microsoft 365 each count as one directory licence. See below for what constitutes a directory instance.
• The minimum number of directory licences to purchase is 2.
  • Note that if you want to sync multiple different OUs (e.g. HR, IT, Finance) within the same directory, this only counts as one directory licence and there is no limit on the number of contacts synchronised.
  • If you’re syncing from a CSV File or LDIF File this doesn’t require a licence – it’s free – but you would still need a minimum of 1 x base and 2 x directory licences.
• COPY Licence: If you need to have a copy of your production setup for testing purposes, you can purchase a copy of the Base licence which includes the number of originally ordered directory licences.

Centralised Vs. De-Centralised Licencing

1. Centralised Deployment

This is where you run UnitySync from one server and you only need one base licence. You would then just purchase the number of directories required based on the connections you wanted to make either based on connecting directly to destination directories, or in this case as it’s a source CSV file, you would just need 2 directories as it’s the minimum.

• Best For: Centralised IT, streamlined maintenance, tight control.
• Setup: One UnitySync server handles all sync operations.
• Install Location: Central data centre or server.
• Management: All syncs configured in one place.
• Licensing:
  • Only one base license required.
  • License covers all directory connections (minimum 2).

2. De-Centralised Deployment

Some customers have requirements to replicate UnitySync in multiple regions/locations worldwide, so they install a base licence in each server location, UnitySync captures the contact information from the GAL and this can then either be synced to the other regions if there is an internet connection between them or the contact information can be exported to a CSV/LDIF file which can then be shared with the other locations.

• Best For: Large or distributed organisations, regional autonomy, isolated or high-security environments.
• Setup: Multiple UnitySync servers (e.g., one per region or department).
• Sync Operation: Each handles its own tasks independently.
• Data Sharing: Regions can sync directly or exchange CSV/LDIF files – ideal for ‘air-gap’ situations.
• Licensing:
  • Each install needs its own base license and key.
  • License is based on the directories used per install.

What Counts as One Licenced Directory?

UnitySync supports many types of directories, but for licensing, what matters is the number of distinct directory endpoints, not the type. Here’s what counts as a licensed directory:

Each of the following counts as one licensed directory:

Type of Directory	Example	Licensing Count
Active Directory (AD)	On-prem AD domain controller	1 per unique IP
LDAP	OpenLDAP, eDirectory, SunOne, etc.	1 per unique IP
ODBC	SQL databases via ODBC	1 per DSN
Microsoft 365 / Azure AD	Each Microsoft 365 tenant	1 per tenant
Google Workspace	Each Google org	1 per tenant
CSV/LDIF File (Flat file)	CSV files for import/export	No license needed

Key Notes:

• One directory used as both source and destination = still one license.
• Multiple connections to the same directory = still one license.
• A different AD forest, LDAP server, or cloud tenant = another license.

What Decentralised Models are there?

If there are multiple directories you want to synchronise, synchronising via a centralised master/hub directory is the ideal option, but sometimes this is not possible owing to factors like low network bandwidth and the desire to control synchronisation at each directory site.

In such cases a decentralised approach is possible. Here are three main approaches to configuring how UnitySync is installed in a decentralised model:

1. Hub-and-Spoke Sync

Design:

• Each region runs its own UnitySync instance (spoke).
• All instances sync back to a central directory or central UnitySync instance (hub).

How It Works: Each spoke runs UnitySync with a connection:

• Source = local AD, LDAP, or Microsoft 365 tenant.
• Destination = central AD forest, LDAP, or metaverse.
• Syncs can be one-way or bi-directional.

Example:

• European UnitySync syncs users from EU-AD to an HQ-AD in the United States.
• An Asian UnitySync syncs users from APAC-AD ➝ HQ-AD (in the US, EU or UK)
• HQ may optionally sync back outbound to the spokes if bi-directional flow is needed.

Pros:

• Simple and scalable.
• Each UnitySync instance stays local to its data source (which helps with performance and compliance).

Cons:

• Requires conflict resolution at the central directory.
• Higher license usage (one per UnitySync install, plus one per directory used).

2. Sync via Intermediate CSV/LDIF File

Design:

• Each regional UnitySync exports directory data to a flat file (CSV or LDIF).
• The UnitySync instance imports those files into the central directory.

How It Works: Each regional UnitySync connection exports a flat file (no directory license needed for CSV).

• The central UnitySync instance imports these files into HQ-AD or metaverse.
• Syncs can be scheduled or triggered via automation (e.g. script or cron).

Pros:

• Reduces licensing requirements.
• Ideal for restricted environments (e.g., no direct sync due to firewalls/DLP).

Cons:

• Synchronisation is not real-time.
• Adds complexity: needs file sharing, scripting and scheduling (but we can help with this!).

3. Multi-Hop Sync (Spoke → Hub → Other Spokes)

Design:

• Use a central UnitySync instance as a bridge between spokes.

How It Works:

• Regional UnitySync sends to central directory.
• Central UnitySync syncs that data out to other regions as needed.

Example:

• An EU instance of UnitySync sends user information to an HQ in the US.
• The US HQ then sends information on EU users to UK, Asia, etc.

Pros:

• Keeps control at the centre.
• Allows broader visibility and filtering.

Cons:

• Slightly more latency.
• Requires more complex license tracking – again – we can help with this.

Key Considerations

Topic	Notes
Security	Where security is paramount use firewall rules, IP allow lists, or file transfers instead of direct connections.
Conflict Resolution	When synchronising directories, especially across environments, overlapping or duplicate entries can cause sync errors. Define unique attributes (mailNickName, mail, GUID) to avoid overlaps
File Exports	Using CSV or LDIF files as a middle step avoids licensing more directories
Control	A centralised UnitySync server can oversee multiple synchronisation jobs: – Offers a single pane of glass to monitor sync status, errors, and performance. – Central control simplifies troubleshooting and ensures consistent configurations and logging across all jobs.
Licensing	The more decentralised your synchronisation model is, the more installs + directory licenses you’ll need, but this may be a trade off for the increased flexibility and security you need.